Back to search
CVE-2005-4135
Published: Dec 9, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (possibly the name parameter or variable), which is then written to data/topics.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1015323
vdb-entry
x_refsource_SECTRACK
20051207 SimpleBBS <= v1.1 remote commands execution in c by: unitedasia security crew
mailing-list
x_refsource_BUGTRAQ
ADV-2005-2807
vdb-entry
x_refsource_VUPEN
15764
vdb-entry
x_refsource_BID
17949
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now